4.4 Duplicate submissions

I don't know if you've ever seen some blogs or BBS' that have more than one post that are exactly the same, but I can tell you that it's because users submitted duplicate post forms. There are many things that can cause duplicate submissions; sometimes users just double click the submit button, or they want to modify some content after posting and press the back button. In some cases it is by the intentional actions of malicious users. It's easy to see how duplicate submissions can lead to many problems. Thus, we have to use effective means to prevent it.

The solution is to add a hidden field with a unique token to your form, and to always check this token before processing the incoming data. Also, if you are using Ajax to submit a form, use JavaScript to disable the submit button once the form has been submitted.

We use an MD5 hash (time stamp) to generate the token, and added it to both a hidden field on the client side form and a session cookie on the server side (Chapter 6). We can then use this token to check whether or not this form was submitted.